iaik.pkcs.pkcs11.provider.keypairgenerators

Class PKCS11KeyPairGenerator

java.lang.Object

java.security.KeyPairGeneratorSpi

iaik.pkcs.pkcs11.provider.keypairgenerators.PKCS11KeyPairGenerator

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

DhKeyPairGenerator, DsaKeyPairGenerator, EcDsaKeyPairGenerator, KeaKeyPairGenerator, RsaKeyPairGenerator, RsaX931KeyPairGenerator, X942DhKeyPairGenerator

public abstract class PKCS11KeyPairGenerator
extends java.security.KeyPairGeneratorSpi
implements PKCS11EngineClass

An abstract engine class for generating key-pairs on a token. The application must call initialize(AlgorithmParameterSpec, SecureRandom) before calling generateKeyPair().

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	initialized_ Indicates that we have been already initialized.
protected PKCS11KeyPairGenerationSpec	keyPairGenerationSpec_ The parameters for this key generator.
protected boolean	pkcs11OperationInitialized_ Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.
protected iaik.pkcs.pkcs11.Session	session_ The session this object works with.
protected TokenManager	tokenManager_ Token manager used to login session, if required.
protected iaik.pkcs.pkcs11.MechanismInfo[][]	usedMechanismInfos_ The mechanism info is the same for all digest mechanisms.
protected iaik.pkcs.pkcs11.Mechanism[]	usedMechanisms_ The list of used mechanisms.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PKCS11KeyPairGenerator() Construct new generator.

Method Summary

Modifier and Type	Method and Description
protected IAIKPKCS11PrivateKey	createPkcs11PrivateKey(TokenManager tokenManager, iaik.pkcs.pkcs11.objects.PrivateKey privateKeyObject) Create a new JCE RSA private key with the given PKCS#11 object.
protected IAIKPKCS11PublicKey	createPkcs11PublicKey(TokenManager tokenManager, iaik.pkcs.pkcs11.objects.PublicKey publicKeyObject) Create a new JCE RSA public key with the given PKCS#11 object.
protected iaik.pkcs.pkcs11.objects.Object	createPrivateKeyCreationTemplate(PKCS11KeyPairGenerationSpec keyPairGenerationSpec) Create the public key template to use as input for the key-pair generation.
protected iaik.pkcs.pkcs11.objects.Object	createPublicKeyCreationTemplate(PKCS11KeyPairGenerationSpec keyPairGenerationSpec) Create the public key template to use as input for the key-pair generation.
protected void	finalize() Tries to close the used session.
protected void	finalizePkcs11Operation() The internal session finalization method, if the current operation has been finished.
java.security.KeyPair	generateKeyPair() Generate a new key pair.
protected abstract java.lang.String	getAlgorithmName() Get the JCA algorithm name, e.g.
protected abstract iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the mechanism that this key-pair generator uses.
protected iaik.pkcs.pkcs11.MechanismInfo[][]	getUsedMechanismFeatures() Returns an two-dimensional array of MechanismInfos that this engine class uses.
protected iaik.pkcs.pkcs11.Mechanism[]	getUsedMechanisms() Returns an array of Mechanisms that this engine class uses.
void	initialize(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) Just throws an UnsupportedOperationException.
void	initialize(int keysize, java.security.SecureRandom random) Just throws an UnsupportedOperationException.
protected void	initializePkcs11Operation() The internal session initialization method, if all necessary member variables are set.
protected void	initializeSession() Sets up an appropriate session.
boolean	isSupportedBy(TokenManager tokenManager) Check, if the current token of the given token manager supports the required features for this engine class.
protected void	validateAlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec parameters) Check, if the given internal parameters are appropriate.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

tokenManager_

protected TokenManager tokenManager_

Token manager used to login session, if required.

session_

protected iaik.pkcs.pkcs11.Session session_

The session this object works with.

keyPairGenerationSpec_

protected PKCS11KeyPairGenerationSpec keyPairGenerationSpec_

The parameters for this key generator.

initialized_

protected boolean initialized_

Indicates that we have been already initialized.

pkcs11OperationInitialized_

protected boolean pkcs11OperationInitialized_

Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.

usedMechanisms_

protected iaik.pkcs.pkcs11.Mechanism[] usedMechanisms_

The list of used mechanisms.

usedMechanismInfos_

protected iaik.pkcs.pkcs11.MechanismInfo[][] usedMechanismInfos_

The mechanism info is the same for all digest mechanisms.

Constructor Detail

PKCS11KeyPairGenerator

protected PKCS11KeyPairGenerator()

Construct new generator.

Method Detail

getUsedMechanisms

protected iaik.pkcs.pkcs11.Mechanism[] getUsedMechanisms()

Returns an array of Mechanisms that this engine class uses. For each of this mechanisms, the engine must provide at least one MechanismInfo via the getRequiredMechanismFeatures() method.

Returns:

An array that includes all used pkcs#11 mechanisms. The token must support at least one of these mechanisms. The dimension is equal to the first array dimension of getUsedMechanismFeatures(). May be empty, but must not be null.

Postconditions:

(result <> null) and (result.length == getUsedMechanismFeatures().length)

getUsedMechanismFeatures

protected iaik.pkcs.pkcs11.MechanismInfo[][] getUsedMechanismFeatures()

Returns an two-dimensional array of MechanismInfos that this engine class uses. For each mechanism used by this engine, the engine must provide at least one MechanismInfo. The first dimension (index) of the returned array corresponds to the used mechanism as returned by getUsedMechanisms(). The array at this index is the list of used feature combinations used by this engine. The current token must at least support one mechanism and one of the feature combinations (expressed as a MechanismInfo) of the same machanism.

Returns:

An two-dimensional array that includes MechanismInfo objects. The first dimension is equal to the array dimension of getUsedMechanisms(). The token must at least supprot one of these features.

Postconditions:

(result <> null) and (result.length > 0) and (result.length == getUsedMechanisms().length)

isSupportedBy

public boolean isSupportedBy(TokenManager tokenManager)

Check, if the current token of the given token manager supports the required features for this engine class.

Specified by:

isSupportedBy in interface PKCS11EngineClass

Parameters:

tokenManager - The token manager. Used to get information about the current token.

Returns:

True, if this engine class can be used with the currently present token of the given token manager.

Preconditions:

(tokenManager <> null)

initialize

public void initialize(int keysize,
                       java.security.SecureRandom random)
                throws java.security.InvalidParameterException

Just throws an UnsupportedOperationException. Use initialize(int, KCS11PublicKey, PKCS11PrivateKey) instead.

Specified by:

initialize in class java.security.KeyPairGeneratorSpi

Parameters:

keysize - The size of the keys in bits.

random - The source of randomness.

Throws:

java.security.InvalidParameterException - If the key-size is unsupported.

initialize

public void initialize(java.security.spec.AlgorithmParameterSpec params,
                       java.security.SecureRandom random)
                throws java.security.InvalidAlgorithmParameterException

Just throws an UnsupportedOperationException. Use initialize(int, KCS11PublicKey, PKCS11PrivateKey) instead.

Overrides:

initialize in class java.security.KeyPairGeneratorSpi

Parameters:

params - The algorithm parameters, which must be an instance of PKCS11KeyPairGenerationSpec and must not be null.

random - The source of randomness. This implementation ignores this parameter.

Throws:

java.security.InvalidAlgorithmParameterException - If the given parameters are invalid.

Preconditions:

(params instanceof PKCS11KeyPairGenerationSpec)

generateKeyPair

public java.security.KeyPair generateKeyPair()

Generate a new key pair.

Specified by:

generateKeyPair in class java.security.KeyPairGeneratorSpi

Returns:

The newly generated key-pair.

Postconditions:

(result <> null)

createPrivateKeyCreationTemplate

protected iaik.pkcs.pkcs11.objects.Object createPrivateKeyCreationTemplate(PKCS11KeyPairGenerationSpec keyPairGenerationSpec)

Create the public key template to use as input for the key-pair generation. The default implementation ignores the internal algorithm parameters of the given parameters. An overriding methode may take the internal algorithm parameters into account.

Parameters:

keyPairGenerationSpec - The algorithm parameters provided by the application.

Returns:

The key tempalte to serve as input for the PKCS#11 key-pair generation.

Postconditions:

(result <> null)

Preconditions:

(keyPairGenerationSpec <> null)

createPublicKeyCreationTemplate

protected iaik.pkcs.pkcs11.objects.Object createPublicKeyCreationTemplate(PKCS11KeyPairGenerationSpec keyPairGenerationSpec)

Create the public key template to use as input for the key-pair generation. The default implementation ignores the internal algorithm parameters of the given parameters. An overriding methode may take the internal algorithm parameters into account.

Parameters:

keyPairGenerationSpec - The algorithm parameters provided by the application.

Returns:

The key tempalte to serve as input for the PKCS#11 key-pair generation.

Postconditions:

(result <> null)

Preconditions:

(keyPairGenerationSpec <> null)

createPkcs11PrivateKey

protected IAIKPKCS11PrivateKey createPkcs11PrivateKey(TokenManager tokenManager,
                                                      iaik.pkcs.pkcs11.objects.PrivateKey privateKeyObject)

Create a new JCE RSA private key with the given PKCS#11 object.

Parameters:

tokenManager - The token manager of the token the object resides on.

privateKeyObject - The PKCS#11 private key object.

Returns:

The JCA RSA private key of this provider.

Postconditions:

(result <> null)

Preconditions:

(tokenManager <> null) and (privateKeyObject <> null)

createPkcs11PublicKey

protected IAIKPKCS11PublicKey createPkcs11PublicKey(TokenManager tokenManager,
                                                    iaik.pkcs.pkcs11.objects.PublicKey publicKeyObject)

Create a new JCE RSA public key with the given PKCS#11 object.

Parameters:

tokenManager - The token manager of the token the object resides on.

publicKeyObject - The PKCS#11 public key object.

Returns:

The JCA RSA private key of this provider.

Postconditions:

(result <> null)

Preconditions:

(tokenManager <> null) and (publicKeyObject <> null)

initializeSession

protected void initializeSession()

Sets up an appropriate session. The key must be set before.

initializePkcs11Operation

protected void initializePkcs11Operation()

The internal session initialization method, if all necessary member variables are set.

finalizePkcs11Operation

protected void finalizePkcs11Operation()

The internal session finalization method, if the current operation has been finished.

getMechanism

protected abstract iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the mechanism that this key-pair generator uses.

Returns:

The mechanism that this key-pair generator uses.

Postconditions:

(result <> null)

getAlgorithmName

protected abstract java.lang.String getAlgorithmName()

Get the JCA algorithm name, e.g. DH, RSA, DSA or ECDSA.

Returns:

The JCA algorithm name.

Postconditions:

(result <> null)

validateAlgorithmParameterSpec

protected void validateAlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec parameters)
                                       throws java.security.InvalidAlgorithmParameterException

Check, if the given internal parameters are appropriate. This mean that the given parameter refers to the paremters got from the PKCS#11 paramters and not the The default implementation does not accept any parameters; i.e. the given parameters must be null.

Parameters:

parameters - The parameters to check.

Throws:

java.security.InvalidAlgorithmParameterException - If the parameters are inappropriate.

finalize

protected void finalize()
                 throws java.lang.Throwable

Tries to close the used session.

Overrides:

finalize in class java.lang.Object

Throws:

java.lang.Throwable - If disposing the session fails.